| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1566251705-7133-1-git-send-email-wenwen@cs.uga.edu>
Date: Mon, 19 Aug 2019 16:55:04 -0500
From: Wenwen Wang <wenwen@...uga.edu>
To: Wenwen Wang <wenwen@...uga.edu>
Cc: David Woodhouse <dwmw2@...radead.org>,
Richard Weinberger <richard@....at>,
linux-mtd@...ts.infradead.org (open list:JOURNALLING FLASH FILE SYSTEM
V2 (JFFS2)), linux-kernel@...r.kernel.org (open list)
Subject: [PATCH] jffs2: fix a memory leak bug
In jffs2_scan_eraseblock(), 'sumptr' is allocated through kmalloc() if
'sumlen' is larger than 'buf_size'. However, it is not deallocated in the
following execution if jffs2_fill_scan_buf() fails, leading to a memory
leak bug. To fix this issue, free 'sumptr' before returning the error.
Signed-off-by: Wenwen Wang <wenwen@...uga.edu>
---
fs/jffs2/scan.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/fs/jffs2/scan.c b/fs/jffs2/scan.c
index 90431dd..5f7e284 100644
--- a/fs/jffs2/scan.c
+++ b/fs/jffs2/scan.c
@@ -527,8 +527,11 @@ static int jffs2_scan_eraseblock (struct jffs2_sb_info *c, struct jffs2_eraseblo
err = jffs2_fill_scan_buf(c, sumptr,
jeb->offset + c->sector_size - sumlen,
sumlen - buf_len);
- if (err)
+ if (err) {
+ if (sumlen > buf_size)
+ kfree(sumptr);
return err;
+ }
}
}
--
2.7.4
Powered by blists - more mailing lists